Conference: Cryptographers Track at the RSA Conference

Two-Message Key Exchange with Strong Security from Ideal Lattices

Abstract

In this paper, we first revisit the generic two-message key exchange (TMKE) scheme (which will be referred to as KF) introduced by Kurosawa and Furukawa (CT-RSA 2014). This protocol is mainly based on a key encapsulation mechanism (KEM) which is assumed to be secure against chosen plaintext attacks. However, we find that the security of the KF protocol cannot be reduced to IND-CPA KEM. The concrete KF protocol instantiated from ElGamal KEM is even subject to key compromise impersonation attacks. In order to overcome the flaws of the KF scheme, we introduce a new generic TMKE scheme from KEM. Instead, we require that the KEM should be secure against one-time adaptive chosen ciphertext attacks. We call this class of KEM OTKEM. In particular, we propose a new instantiation of OTKEM from the Ring Learning with Errors problem in the standard model. This yields a concrete post-quantum TMKE protocol with strong security. The security of our TMKE scheme is shown in the extended Canetti-Krawczyk model with perfect forward secrecy.
